package com.lyl.server;

import javax.annotation.PostConstruct;
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.JdbcApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

/**
 * 该类负责配置授权服务，包括对客户端的配置、token令牌的配置
 * 
 * @author 80575590
 *
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

	@Autowired
	AuthenticationManager authenticationManager;

	@Autowired
	private DataSource dataSource;
	@Autowired
	private UserDetailsService userDetailsService;
	/**
	 * 自定义授权页面
	 */
	@Autowired
	private AuthorizationEndpoint authorizationEndpoint;

	@PostConstruct
	public void init() {
		authorizationEndpoint.setUserApprovalPage("forward:/oauth/oauth_approval");
		authorizationEndpoint.setErrorPage("forward:/oauth/oauth_error");
	}
	@Bean
	public ClientDetailsService clientDetails() {

		return new JdbcClientDetailsService(dataSource);
	}

	// 初始化JdbcTokenStore
	@Bean
	public TokenStore getTokenStore() {
		return new JdbcTokenStore(dataSource);
	}
	@Bean
	protected AuthorizationCodeServices authorizationCodeServices() {
		return new JdbcAuthorizationCodeServices(dataSource);
	}
	@Bean
	public ApprovalStore approvalStore() {
		return new JdbcApprovalStore(dataSource);
	}
	@Bean
	public TokenStoreUserApprovalHandler tokenStoreUserApprovalHandler() {
		TokenStoreUserApprovalHandler tokenStoreUserApprovalHandler = new TokenStoreUserApprovalHandler();
		tokenStoreUserApprovalHandler.setTokenStore(getTokenStore());
		tokenStoreUserApprovalHandler.setClientDetailsService(clientDetails());
		tokenStoreUserApprovalHandler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetails()));
		return tokenStoreUserApprovalHandler;
	}
	@Override
	public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
		security.allowFormAuthenticationForClients().tokenKeyAccess("permitAll()")
				.checkTokenAccess("isAuthenticated()");

	}

	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
		// 配置客户端, 用于client认证
	//	clients.withClientDetails(clientDetails());

		clients.jdbc(dataSource);
	}

	// 配置 Token 的节点 和 Token 服务
	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

	/*	endpoints.tokenStore(getTokenStore())// 数据库保存token
				.authenticationManager(authenticationManager)
				.userDetailsService(userDetailsService);*/
		// oauth_approvals
		endpoints.approvalStore(approvalStore());

		endpoints.userApprovalHandler(tokenStoreUserApprovalHandler());
		// oauth_code
		endpoints.authorizationCodeServices(authorizationCodeServices());
		// oauth_access_token & oauth_refresh_token
		endpoints.userDetailsService(userDetailsService);
		endpoints.tokenStore(getTokenStore());
		// 支持password grant type
		endpoints.authenticationManager(authenticationManager);


	}



}
